The Nonverbal Side of Elicitation - Deciphering the Science - Unmasking the Social Engineer: The Human Element of Security (2014)

Unmasking the Social Engineer: The Human Element of Security (2014)

Part III. Deciphering the Science

Chapter 8. The Nonverbal Side of Elicitation

Feelings are much like waves: we can't stop them from coming, but we can choose which ones to surf.

—Jonathan Martensson

I define elicitation as the act of getting information from someone without asking for it directly. This doesn't mean you don't ask questions, and it doesn't mean you don't ask for information. Military and intel folks, living acronyms, often joke about “ASKINT”—Ask Intelligence: “If you ask them, they will tell you!” It's all about how you ask about or around the issue. It means you employ techniques to gather this information from people. I usually refer to the techniques in Robin Dreeke's book It's Not All AboutMe”: The Top Ten Techniques for Building Quick Rapport with Anyone. In that book, Dreeke outlines 10 principles for building rapport with anyone; these are the keys to elicitation:

· Artificial time constraints: Using simple phrases—such as “Can I ask you a quick question?” or “I have to leave in five minutes, can I ask you a quick question?”—leaves the subject feeling more friendly about talking with you.

· Accommodating nonverbals: If you're saying that you're worried or sad and you're showing fear or anger in your nonverbals, then the subject will feel that incongruence. They may not understand why, but the red flags go up, and they feel uneasy. It is important that our nonverbal displays match the story.

· Slower rate of speech: The faster we talk the more prone we are to error, the more we sound like we aren't sure of ourselves, and the easier it is for the subject to view us as shady.

· Sympathy/assistance themes: As mentioned, empathy and sadness are strong links between humans. Using a pretext story that involves the subject helping you out creates a bond quickly.

· Ego suspension: One of the hardest to do, but also one of the most powerful. Suspending your ego, and making others' views, wants, and needs more important that your own, makes people want to be friends with you and like you. Suspending or putting on hold your own ego elevates another person's ego.

· Validation: When compliments are tactfully done and not overdone, they can make a person release dopamine, a chemical in their brains that plays a major role in reward-motivated behavior. That reward is enough to create a strong bond between you and that person.

· Ask how, when, why questions: These types of questions are open ended, encourage the person to engage their brain, and think about how they feel. This is very rewarding if the answers are listened to attentively.

· Quid pro quo: Latin for “this for that.” People feel uneasy if they do all the talking with no feedback; to help the people you are talking to not feel uneasy it is a great idea to throw in a few nuggets about your life every now and then. Caution: Do not let a few small fragments turn into you taking over the conversation.

· Reciprocal altruism: When you give a gift to someone they (psychologically) have a need to reciprocate. Even simple things like holding a door will lead to a reciprocal gift in return.

· Manage expectations: These principles work so amazingly well that many times you can get excited and try to get too much information, raising your subject's defenses. Manage what you expect to get and how many principles you apply at one time.

After rapport is established, people feel comfortable giving you information, and they normally do so willingly and without regret.

Although I won't cover all 10 principles, I feel it is important to define them. I can't do any better than the excellent work Dreeke did in his book. Figure 8-1 shows you these principles.

Figure 8-1 Ten principles to build rapport

image

Each principle has important nonverbal communication aspects. Yet each step can use a little help from the principle of accommodating nonverbals.

When someone approaches you in person or online, a series of questions runs through your head:

· Who is this?

· What does he want?

· Is he a threat?

· How long will he be a part of my life?

Each principle is displayed nonverbally in a certain way that either adds to or detracts from the message being portrayed. The following sections examine a few principles and discuss how nonverbal communications affect them.

Artificial Time Constraints

As I mentioned previously, one of the first questions that we ask internally when a stranger approaches us is, “How long will you be part of my life?” Even if we answer the other questions that may be internally asked, leaving this one unanswered can make the person feel uneasy.

To help answer this from the nonverbal point of view, we need to understand that how we look affects the subject's view of our request.

If I ask you for help with a problem, psychologically, where should my interest lie? Your first reaction might be “With me, because you're asking for my help.” But that would be incorrect. I am focused on my problem, not on you. Humans are self-centered. I don't know you. I'm interested in getting my problem fixed. If my body language says I am interested in you, that intensity will make you feel uncomfortable and will make the engagement harder. Also consider that there's a difference between requesting help for just a moment and asking for help for a longer period of time.

Therefore, I suggest that you create an artificial time constraint while facing to the side or even away from the target. This gives the impression that your interest is not in the person you are talking to, but in your problem. Doing so also reassures the person that you won't take up too much of his or her time.

For example, I once approached a customer in a bookstore to ask for some advice. He had his young son with him. Walking up to the bookshelf they were looking at, I stood to the side of him with my body facing the bookshelf. I turned only my head toward the man and said, “I'm sorry to bother you, but can I get your help for about 5 seconds? I need to buy a book for my nephew. I think your son is about his age. I'm a complete moron about this stuff. What do kids that age like to read?” My “5-second” request turned into a 25-minute conversation in which I found out the man's full name, birthdate, employment history, and many other pertinent details. I was able to build rapport quickly and follow up with elicitation because my nonverbal mixed with an artificial time constraint put him at ease.

Sympathy/Assistance Themes

I often say the four most powerful words in any social engineer's language arsenal are “Can you help me?” This request triggers an automatic psychological response in the other person to determine if helping is safe, convenient, and something that he or she should do.

As discussed in Chapter 7, if the social engineer can trigger empathy in the target, the target's logic centers shut down. This creates an environment more conducive to honoring a request.

I can best illustrate nonverbal communication for the sympathy/assistance themes principle with a story that didn't even involve a social engineering gig. I was walking out of my local grocery store when, a few yards ahead of me, an older woman wheeling her cart reached into her purse to pull out her car keys. When she did, something fell out. As I got closer, I saw it was a little wad of money.

I picked it up and began following her. As I approached, she was loading her groceries into her trunk. She was maybe 5 feet tall. As my 6-foot-3 frame loomed over her, I tapped her on the shoulder and said, “Excuse me. You dropped this money.”

Her surprise turned into fear; perhaps she only heard “Excuse me” and “money.” She began screaming “I'm being mugged!”

Immediately a couple of guys ran toward me—a large man in a black leather jacket, chain wallet, and jeans holding a wad of money in front of a small, elderly woman.

What was my mistake? My approach. Instead of coming at her from the side or walking up slowly, I was thinking “I'm here to help her,” and I offered assistance with inappropriate nonverbals.

When social engineers ask for assistance, we need to plan our body language and facial expressions carefully. We want to display an appropriate level of sadness. We should not have our chest puffed out, standing in a dominant stance, showing fear, anger, or even happiness. At the same time, we don't want to appear so dejected and sad while making our request that we make people nervous.

Recall my interaction in the bookstore. If I had approached my target with tears running down my cheeks, the man may have grabbed his son and fled.

Tempering our nonverbal displays to match the emotion that is appropriate with the request is an important part of moving toward elicitation using the sympathy/assistance themes principle.

Sometimes we can elicit help without even having to ask. In one engagement I walked into the lobby of an office building and stood in a corner as I prepared for my approach. I must have let out a loud sigh, because as one of the gatekeepers passed me, she stopped and asked, “Are you okay, Honey?”

Thinking fast, I answered, “No, actually. Thanks for asking.” I began to turn away slowly as I lowered my shoulders.

“What's wrong?” she asked. “Can I help?”

“Well, unless you get me in to meet with the head of HR in the next 5 minutes, probably not.” I sighed again. I told her I was supposed to meet with someone in HR whose name I had forgotten.

“You're probably meeting with Beth Smith. I can get you in. Just come with me.”

“Beth! Yes, that is it! Thank you so much.”

“Now stop being nervous. It will all be OK,” she told me as she buzzed me through the locked doors.

With a little nervousness, a couple of sighs, and matching nonverbals, I was in the door and roaming the halls.

Ego Suspension

Ego suspension is arguably the single most important aspect of rapport building, because it tends to lead to elicitation. Ego suspension is one of the most powerful principles a social engineer can use.

People like to be around others who are humble, who can admit they are wrong, and who let others be themselves. All of this requires you to suspend your ego. Nonverbal communication goes along with ego suspension.

Look back at Figure 5-1, but don't read the caption. What does it make you think of? Definitely not humility! Next, go to Figure 5-20. Again, do you see humility? Someone you want to approach? Most likely not. How about Figure 4-10? Again, all of these are examples of body and facial language that do not ooze humility. When we feel confident, nervous, upset, or rejected, we may display nonverbal behavior that does not display humility.

Think of one person you consider to be humble—one person who, when he or she talks to you, makes you feel important and good.

I had a close friend named Brad Smith. Unfortunately he passed away recently, but those who knew him would say he was a tremendous example of ego suspension. One incident that I can relate to show you the power of ego suspension involves Brad.

I was at a conference running a social engineering competition. One of the security people told me that in the evening my contest room would be converted into a party room. Hearing this upset me because I had equipment, banners, and electronics in there, and it was supposed to be exclusively my room. I was really upset, even now as I type this story I can feel my blood pressure rising.

A few people on my team said things like “It's okay; we'll make it work.” and “Wow, that stinks.” None of them helped me calm down or think rationally, not that it was their job, but I felt myself getting more upset. When I was almost at full-blown amygdala hijacking stage, Brad walked in and saw the stress on my face.

He approached me and lightly touched my arm, looked me in the eye, and, with a soft voice and lower body posture (bringing down his shoulders but not hunching), said, “Hey, can I talk to you alone for a few seconds?”

“Brad, I'm not in the best of moods,” I snapped, quickly feeling bad.

“I know,” he replied. “I can see why. But could you spare just a few minutes for an old man who doesn't know much?”

Wow! The light touch, soft voice, and non-condescending tone were all backed up by words spoken in a true form of ego suspension. We sat down and spent the next 20 minutes calming me down and helping my logic centers kick in so that I could fix the problem and move on.

That same day, an autistic young man attending the conference had a meltdown. People were becoming irritated. Brad approached the young man and—again with a light touch and a soft voice—said, “I don't think I know anything about you. Can you talk to me for a few minutes?” He sat with Brad for over an hour and calmly talked about his life. Brad helped him see how he could react better and deal with stress.

When we master ego suspension, like Brad did, making requests of others is easy, and getting those requests granted is even easier. Over the last year or two I have analyzed Brad and the interactions I had with him to see how any social engineer can harness this power.

Brad did a few key things that all play into the nonverbal portion of ego suspension:

· Lowering the voice

· Soft, nonsexual touches

· Mild gazes

· Lower body posture

These actions were followed by a request for help. How can you not want to help this kind of person? As you grant the request, a warm smile with a head tilt tells the person that you trust him, and that you appreciate his trust in return.

Ego suspension is powerful, and it works like magic to break down barriers and get people talking.

Ask How, When, and Why Questions

The last principle of building rapport to lead to elicitation I will consider from a nonverbal standpoint is the use of how, when, and why questions. Briefly, these types of questions are more powerful than where, what, and yes/no questions.

Suppose you ask someone either “Where did you go on vacation?” or “Why did you choose that area of Florida for your vacation?” Which question do you think is more likely to make someone open up? When you ask the second question, your subject has to formulate a response based on her emotions, likes, and dislikes, and the social engineer gets a glimpse of how she thinks. How, when, and why questions engage the person's brain, more than other types of questions.

Nonverbal language plays into these types of questions because how we hold ourselves while asking these questions makes the person feel either uncomfortable or trusting.

Look back at Figures 4-3 and 4-11. Which one shows Ben displaying body language that would put the target at ease?

In Figure 4-3, Ben's thumb display, facial expression, and square shoulders might make the target feel like Ben wasn't really interested in her answer, just the question.

In Figure 4-11, Ben is showing a ventral display and a nice facial expression that says he really is curious. Both the ventral display and the expression say he trusts the target and therefore can be trusted himself.

This is important to discuss because we naturally do these things when we ask questions. Sometimes during an engagement, though, we are focused on the goal or task at hand. When we focus on the goal, not the person, we begin to act unnaturally. Fear, tension, worry, irritation, or other emotions or feelings start to arise. When they do, our nonverbal language changes from “Trust me” to “Show caution.”

These aspects of elicitation and rapport building are essential, but many other skills can help. Throughout this book I've referred to Dr. Ekman's research into something called conversational signals. The next section discusses them at length.

Conversational Signals

As I mentioned in Chapter 6 when I discussed comfort versus discomfort, sometimes it is easier to first look for little clues and then try to reinforce what you found by looking deeper.

Seeing a sign of discomfort is generally easier for the untrained than seeing a microexpression that lasts for 1/25 of a second. Along these lines, Dr. Ekman wrote a chapter in the book Human Ethology in 1979. In Chapter 3 he wrote about eyebrows being used as conversational signals.

Before getting deeper into describing conversational signals, I need to take a step back to the Facial Action Coding System (FACS) program mentioned in the Introduction and the three action units (AUs) that relate to these conversational signals.

Action Unit 1: Inner Brow Raiser

One large muscle runs vertically from the top of the head to the eyebrows, covers almost the whole forehead, and raises the eyebrows. To use this muscle, pull up the inner portion of the eyebrows. This causes the eyebrows to form an oblique shape, and the skin in the center of the forehead wrinkles (only in the center—not across the whole forehead). Figure 8-2 shows Dr. Ekman performing this action.

Figure 8-2 Action unit 1 from the FACS program

image

Action Unit 2: Outer Brow Raiser

The lateral part of the same muscle that helps create AU1 creates AU2. This action pulls up the eyebrows and adjacent skin. To create AU2, pull up the outer portion of the eyebrows. Doing so arches the eyebrows and stretches up the outer portion of the eye fold. Sometimes short wrinkles appear in the lateral portions of the eyebrows. Figure 8-3 shows this action unit.

Figure 8-3 Action unit 2 from the FACS program

image

Action Unit 4: Brow Lowerer

Three strands of muscle run through the forehead and help control this action unit. Typically all three of these strands act together, although more of one strand than another may be involved in any of these actions. To create AU4, lower the eyebrows—the inner portion, the middle, or the whole brow. Contracting the muscles in this manner pushes down the eye fold cover, narrows the eye aperture, and pulls the eyebrows closer together. While pulling down the brows, do not wrinkle the nose. Figure 8-4 shows an example.

Figure 8-4 Action unit 4 from the FACS program

image

These details are pretty technical, but they are essential as a baseline for understanding the next section. As I talk about these conversational signals, I will refer to AU1, AU2, and AU4 used individually or in various combinations.

Conversational Signals of Emotions

Just as certain facial expressions indicate an emotion, you can look for signals during a conversation that can indicate an emotion that the person is feeling. The paper Human Ethology outlines the emotions I spoke about in Chapter 5 with these action units.

For instance, in surprise you notice both AUs 1 and 2. Both the inner and outer parts of the eyebrows are raised and arched, followed by the raising of the upper eyelids and the dropping of the jaw. In fear you see AUs 1 and 2, as well as 4 in combination with the raising of the upper eyelids, tightening of the lower lids, and stretching of the lips. In anger you notice AU4 with the brows coming down and together, and with a tightening of the lips and lower lids. In sadness you notice either AU1 or AUs 1 and 4, forming the brows in an inverted V. This is combined with the relaxation of the upper eyelids, slight raising of the cheeks, and depression of the chin.

AU4 can be seen in some expressions of both disgust and happiness, where the brows are lowered, though often more slightly in happiness.

All of this is closely connected to what I wrote about in Chapter 5. It is common for these eyebrow movements to occur without other facial expressions being involved. So what if you notice these AUs in the eyebrows without the accompanying facial movements?

Dr. Ekman has come up with some hypotheses that are labeled as conversational signals in regards to the meaning of eyebrow movement when not associated with other emotional facial movements.

I will outline some of the most commonly used conversational signals that Dr. Ekman found and show how important they are for the social engineer to recognize.

Breaking Down Conversational Signals

There are a few key factors to keep in mind when reading conversational signals. The research done by Dr. Ekman noted some differences between facial expressions and conversational signals. Mainly, conversational signals, unlike microexpressions, can change with culture.

In addition, a conversational signal is not something uncontrollable, like a microexpression. Most listeners are unaware of their own conversational signals. However, we can consciously choose to display conversational signals to “signal” to the other person to develop rapport, or to show that we are listening, in agreement, in disagreement, or some other message.

As I talk about this, try to make these combinations just in the eyebrows and see how you feel. Also picture in your mind what the next movement would be.

Batons

Similar to the hand batons mentioned in Chapter 3, these batons are used as an emphasis movement to accent a word. The most frequent baton found is the combination of AU1 and AU2, raising the eyebrows as high as they go, signifying surprise, questioning, or doubt. As a listener, a slight raise of the eyebrows can show a “pleasant” surprise—as “I'm impressed”—which can enhance rapport and encourage the listener to say more.

Another is the use of just AU4, which signifies cognitive load, confusion, or perplexity. Knowing that this eyebrow baton of AU4 can signify confusion, a social engineer would want to practice avoiding it when pretexting confidence. If we approach our target looking confused, we remove confidence.

On the other hand, the use of AUs 1 and 4 to display sadness by forming the brows in an inverted V (take a look Figure 5-11 for an example) can help the social engineer if the subject starts to show signs of reluctance to comply; while using only AU4 as a baton can show interest or concentration.

Underliner

To understand the underliner, think about underlining an important phrase in a magazine or book. As you do so, you cover many words—maybe even an entire sentence. The same is true of this conversational signal. A combination of AUs 1 and 2, or AU4 can be used, but imagine the difference in how while reading this. A person using an underliner may raise his voice or stretch out a word as it is spoken. What eyebrow movement or conversational signal do you see being used? The raised brow is what I see (AUs 1 and 2) as the words are being spoken, especially if the voice volume is getting higher and louder.

Punctuation

During a conversation you may want to punctuate certain words or phrases, maybe with an exclamation or even a question mark. This is often done using a conversational signal in the forehead.

AUs 1 and 2, or 4 can be in play in this conversational signal, but they are employed very differently. Whereas AUs 1 and 2 would be used as an exclamation, AU 4 is used to punctuate the seriousness of the words, the importance of what is being spoken, or the difficulty of what is being described. All of these signals punctuate the words as they are being spoken.

Question Mark

Maybe during a conversation you want to accentuate a question you have, or relay to your conversation partner that you doubt something that was said, or even more seriously are perplexed by something that was said.

AUs 1 and 2 are employed here, as you would imagine. These brow raises are used when people ask questions and also when they are unsure during an answer. If someone is perplexed during a conversation, she employs AU4 to lower her brows reflecting cognitive load.

Word Search

When you have trouble thinking of a word you want to say, what conversational signal is being used?

AU4. The eyebrows come together in the middle, displaying cognitive load (thinking), and you may even snap your fingers to try to remember the word. When you finally recall it, your eyebrows relax.

Another use of AUs 1 and 2 is when someone looks up, searching for his word. His eyebrows are raised with the eyes in that search.

Nonverbal Conversational Signals

You might be thinking, “All the conversational signals employ AUs 1, 2, or 4. What's so special about that?” Good question. When we see these being employed during a conversation, it should be easy to determine what they mean, right?

Imagine that you are listening to someone tell a story. During one section he employs AU4 bringing his brows down and together, his finger is outstretched, and his voice lowers. What's happening at this point? He's telling a serious, ominous, or negative part of the story.

This is easy to see when words are involved. Dr. Ekman's research found implications for the social engineer on the flip side of this scenario: when conversational signals occur without speech.

This is an important topic because understanding what someone may be conveying without speaking can enhance your ability to communicate and influence the subject. Remember, the following conversational signals are employed with no words being spoken.

· Disbelief: If someone employs AUs 1 and 2 while pulling down the corners of the lips, relaxing the upper eyelids, pushing up the lower lip, and rocking the head from side to side, this signifies disbelief.

· Mock astonishment: Combining AUs 1 and 2 with raised upper eyelids and an open mouth is commonly seen when someone is astonished.

· Affirmation and negation: This is an interesting one because its meaning differs depending on the culture in which it is displayed. In the West we see a head tilted back with a quick flash of AUs 1 and 2 as an affirmation. Yet among Greeks and Turks this is a negative, not an affirmation.

· Sophisticated skepticism: In sophisticated skepticism, AU2 is utilized on only one side of the face. That eyebrow is raised, signifying that the person is skeptical. Dr. Ekman found no naturally occurring example of this; he saw it only when it was being done on purpose to show skepticism. Therefore, if you notice this display, it is deliberate, not genuine. Dr. Ekman points out examples in films from the 1930s and 1940s. I associate this signal with something we might see from Mr. Spock in Star Trek. PK notes that John Belushi often used a classic one-brow raise to show obvious intended skepticism. This is not to say that the person is trying to deceive you, but it is not a naturally occurring signal.

· The head nod: PK and Dr. Ekman also note the effect of the head nod as a simple but effective conversational signal. How many times do you notice someone nodding their head (vertically) in the affirmative while you are speaking? Most times, the listener is unaware of this signal. By consciously nodding their head while listening, the speaker will take note, and being rewarded by the approval, be more at ease, and more talkative—a great technique for both rapport building and elicitation.

· Lastly, the head bobble: PK told me a story of when he first traveled to Pakistan, he noted a common variation of the head nod that was unknown to him. The listener began nodding his head laterally—not in the negative display of turning the head side to side, but like trying to move his ears slightly to his shoulders. He later asked about this and learned that this is a very common conversational signal in South Asia to reflect that your message is being understood and processed as the head bobs side to side. He saw this same regional signal during a trip to India.

Conversational Signals as a Social Engineer

There is probably no better way to summarize this section than with what Dr. Ekman said on page 202 of Human Ethology:

The student of emotional expression needs to understand the conversational signals as well. These actions occur often and if they are not recognized will confuse the study of emotional expression. The student of conversation must understand the emotional expressions if he is to disentangle them from actions that are directly guided by conversational process.

I couldn't agree more. It is vitally important as a social engineer for you to understand these signals. These little clues can help you see if your subjects are getting the point, showing disbelief, or becoming bored. You can then adjust your approach, enhance your style, and communicate more efficiently when you see these signals.

Remember, you need to practice only three AUs: 1, 2, and 4. Make this your mantra for conversational signals: Eyebrows up, eyebrows down, nod to encourage. Practice these so that you understand how they feel and how they make you feel. Looking for these signals in others and recognizing them during conversation can help you decipher the emotions of the person you are speaking to.

Summary

Elicitation is the crux of the social engineer's job. As a social engineer, I talk a lot about how to utilize elicitation tactics, but this chapter took a new approach to elicitation skills—the nonverbal approach.

This chapter has combined the work of Dr. Ekman with that of great minds like Robin Dreeke and Dr. Robert Cialdini. I have blended that information with the experience and practice I have gained over many years. This creates a recipe for success in any elicitation venture, whether you are a social engineer or not.

You may converse with many people throughout the day. We don't often think of all the aspects involved in a conversation—where our eyebrows are, how our body is positioned, what our face and hands are doing. Yet our conversations go well, and we relay and receive information just fine. How, then, can you use this information?

This is another arrow in the social engineer's quiver. The more signs you can recognize, the easier it becomes for you to rid yourself of negative traits and enhance the ones that make conversation easier. In a world where we've been spending more time texting, emailing, and posting on social media, conversational quality has diminished.

A 2011 study titled “Americans and Text Messaging” (http://pewinternet.org/Reports/2011/Cell-Phone-Texting-2011.aspx.) by Aaron Smith states that 31 percent of Americans would rather receive a text message than carry on a face-to-face conversation. And this percentage probably is even higher today because of Facebook, Twitter, Snapchat, Instagram, and other social media. The art of conversation, along with elicitation, is more important than ever for the social engineer to understand. That is what makes this chapter so important.

How do we put all this together? This book contains much research and information on how nonverbals play a serious role in our everyday communications. How can you put everything to use? That is the topic of the last chapter.